Group Privilege Reference

Group privileges are specified on the Privileges tab in a group definition. Privileges allow the administrator to grant permission to perform specific Composer functions to all members of a group.

The following table describes each privilege and whether it is enabled by default when you create a new group.

UI Privilege Name API Privilege Names Assign this privilege to allow group members to... Enabled by Default?
Can Administer Dashboards ROLE_ADMINISTER_DASHBOARDS

Add, modify, or remove dashboards in the account, including dashboards created by other users.

When this privilege is granted, the Can Create Dashboards, Can Generate Dashboard Public Link, Can Export Dashboards & Data Sources, and Can Manage Dashboard Permissions privileges are also automatically selected.

Only for the Administrators group
Can Administer Groups ROLE_ADMINISTER_GROUPS

Administer other Composer group definitions. When this privilege is granted, group users can:

  • Add or remove group definitions
  • Assign and remove users in a group definition
  • Restrict the ability to read, edit, and delete data source configurations by group members
  • Restrict the data source configurations available to the group
  • Authorize users in the group to perform specific Composer functions

This privilege does not allow group members to add or otherwise maintain user definitions.

Only for the Administrators group
Can Administer Themes ROLE_ADMINISTER_THEMES Create, read, update, delete, list, activate, and otherwise manage themes for the UI. Only for the Administrators group
Can Administer Users ROLE_ADMINISTER_USERS

Administer other Composer user definitions. When this privilege is granted, group users can:

  • Add, disable, and remove user definitions
  • Reset user passwords
  • Define user custom attributes and regional settings

This privilege does not allow group members to update groups or the groups to which a user is assigned. If your user ID is not assigned the Can Administer Groups privilege or is not an administrator, you cannot assign groups to a user. In addition, only administrators can assign users to the Administrators group.

Only for the Administrators group
Can Create Dashboards

ROLE_CREATE_DASHBOARDS

Create dashboards in Composer. If this privilege is not granted, the button is not available in the dashboard library. In addition, if this privilege is not granted, you cannot import a dashboard or make of copy a dashboard using the Save As dialog.

When the Can Administer Dashboards privilege is granted, this privilege is automatically granted.

Only for the Administrators group
Can Create new Data Sources

ROLE_CREATE_SOURCES

ROLE_DELETE_ALL_SOURCES

ROLE_MANAGE_ALL_SOURCES

ROLE_VIEW_ALL_SOURCES

ROLE_MANAGE_SOME_SOURCES

Create new data source configurations.

Only for the Administrators group
Can Create Scheduled Reports ROLE_CREATE_DASHBOARD_REPORTS Create scheduled dashboard reports. Only for the Administrators group
Can Edit Calculations ROLE_EDIT_FORMULAS

Add or edit custom metrics. When this privilege is not granted, the Custom Metrics section on the Fields tab of a data source configuration does not appear in the UI.

Note: You cannot disable the Can Read Calculations privilege if Can Edit Calculations is selected. If group users can edit custom metrics, they can also use them in visuals.

Yes
Can Export Dashboards & Data Sources ROLE_EXPORT_DASHBOARDS

Download data sources and to export dashboard configuration JSON files. If this privilege is not granted, users in the group can still export dashboards as screenshots (PNG) or PDF files, but they cannot export the dashboard configuration.

When the Can Administer Dashboards privilege is granted, this privilege is automatically granted.

Yes
Can Generate Dashboard Public Link ROLE_SHARE_DASHBOARDS

Generate a dashboard public link that can be shared externally with non-Composer users or with users in a different Composer account using the API endpoint /api/dashboards/{id}/key.

When the Can Administer Dashboards privilege is granted, this privilege is automatically granted.

API documentation is provided with your Composer installation at this link: https://<composer-URL>/composer/swagger-ui.html.

Yes
Can Generate Embed Code ROLE_GENERATE_EMBED_CODE Generate an embeddable dashboard snippet for a dashboard in the dashboard library. See Embed Composer v6 Dashboards. Only for the Administrator's Group
Can Invoke Actions ROLE_INVOKE_ACTIONS Invoke an action template from a visual. Only for the Administrators group
Can Manage Action Templates ROLE_MANAGE_ACTION_TEMPLATES Add, modify, or remove the action templates required to integrate Composer visual and dashboard data into your third-party applications. Action templates define your third-party application to Composer. Only for the Administrators group
Can Manage Connections ROLE_MANAGE_CONNECTIONS

Add, modify, or remove the data store connection definitions used by Composer connectors and the query engine to connect to your data stores.

Note that a user without this privilege cannot add a data source configuration to Composer if data store connections have not previously been defined.

Only for the Administrators group
Can Manage Custom Charts ROLE_MANAGE_VISUALIZATION_TEMPLATES Use the CLI to create custom charts and to allow them to manage custom charts using the Composer UI. Only for the Administrators group
Can Manage Dashboard Permissions ROLE_PERMISSION_DASHBOARDS

Assign permissions to a dashboard. If your user has the Can Administer Dashboards privilege, they automatically have this privilege as well. If this privilege is not granted, the icon on the dashboard icon bar does not appear in the UI. See About Dashboard Authorization.

When the Can Administer Dashboards privilege is granted, this privilege is automatically selected.

Only for the Administrators group.
Can Manage Visuals ROLE_MANAGE_VISUALS Create, read, update, and delete visuals independently from dashboards in the Visual Gallery. Users without this privilege will still be able to use and manipulate visuals within dashboards. Only for the Administrators group
Can Read Calculations ROLE_READ_FORMULAS

Use available custom metrics in visuals. If this privilege is not granted, custom metrics do not appear in the field lists for a data source configuration.

Note: You cannot disable the Can Read Calculations privilege if Can Edit Calculations is selected. If group users can edit custom metrics, they can also use them in visuals.

Yes
Can Save Filters ROLE_SAVE_FILTERS

Save (and share) filters created in visuals and dashboards. When this privilege is not granted, the privilege does not appear on Filter dialogs in the UI.

Yes